Vulnerability Note VU#880801
Symantec VERITAS NetBackup Volume Manager daemon buffer overflow
Overview
The Symantec VERITAS NetBackup Volume Manager daemon contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.
I. Description
Symantec VERITAS NetBackup
Symantec VERITAS NetBackup is a client/server based backup software solution.
NetBackup Volume Manager daemon
The Symantec VERITAS NetBackup Volume Manager is a service used by NetBackup that finds volumes that are needed for backup or restore operations. The Volume Manager daemon (vmd) listens on 13701/tcp by default.
The problem
The Symantec VERITAS NetBackup Volume Manager daemon contains a stack-based buffer overflow.
II. Impact
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.
III. Solution
Install an update
Symantec has provided updates for the vulnerable software in Security Advisory SYM06-006.
Restrict access
Symantec has provided several workarounds for this vulnerability in Security Advisory SYM06-006, including restricting access to the vulnerable systems.
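One check an administrator might run alongside the access restriction is to flag listeners on the default vmd port (13701/tcp) that are bound to a non-loopback address and therefore rely on network filtering for protection. This is an added example, not part of the original note or of Symantec's advisory; it assumes Linux `ss -ltn` output, and the sample listing and function names are constructed for illustration.

```python
import ipaddress

VMD_PORT = 13701  # default vmd port given in this note

# Constructed sample of `ss -ltn` output; not captured from a real host.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:13701      0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      128    [::]:13701         [::]:*
LISTEN 0      128    10.0.5.12:22       0.0.0.0:*
"""


def is_loopback(addr):
    """True only when addr parses as a loopback IP; wildcards and junk are not."""
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # '*' or an unparseable value: treat as reachable


def exposed_listeners(ss_output, port=VMD_PORT):
    """Return local endpoints listening on `port` that are not loopback-only."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, port_str = fields[3].rpartition(":")
        if port_str.isdigit() and int(port_str) == port and not is_loopback(addr):
            exposed.append(fields[3])
    return exposed


if __name__ == "__main__":
    for endpoint in exposed_listeners(SAMPLE_SS):
        print(f"vmd port reachable beyond loopback: {endpoint}")
```

An empty result means only that the port is not bound beyond loopback on that host; it does not show that the update from SYM06-006 has been installed.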
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
| Symantec, Inc. | Vulnerable | 29-Mar-2006 |
References
http://seer.support.veritas.com/docs/281521.htm
http://www.zerodayinitiative.com/advisories/ZDI-06-005.html
http://secunia.com/advisories/19417/
Credit
This vulnerability was reported by Symantec, who in turn credit TippingPoint with reporting the vulnerability.
This document was written by Will Dormann.
Other Information
| Date Public: | 2006-03-27 |
| Date First Published: | 2006-03-29 |
| Date Last Updated: | 2007-01-12 |
| CERT Advisory: | |
| CVE-ID(s): | CVE-2006-0989 |
| NVD-ID(s): | CVE-2006-0989 |
| US-CERT Technical Alerts: | |
| Metric: | 34.63 |
| Document Revision: | 8 |
If you have feedback, comments, or additional information about this vulnerability, please send us email.